Bug 1301295
| Field | Value |
|---|---|
| Summary | [abrt] BUG: unable to handle kernel NULL pointer dereference at 0000000000000023 [udf] |
| Product | [Fedora] Fedora |
| Component | kernel |
| Version | 23 |
| Hardware | x86_64 |
| OS | Unspecified |
| Status | CLOSED INSUFFICIENT_DATA |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | andreas.stoeckel |
| Assignee | Kernel Maintainer List <kernel-maint> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | andreas.stoeckel, gansalmon, itamar, james, jonathan, kernel-maint, madhu.chinakonda, mchehab |
| URL | https://retrace.fedoraproject.org/faf/reports/bthash/3370e2a0cde321b9f952b37c0a9c2e750851d792 |
| Whiteboard | abrt_hash:3eb3a73ab87cd210a9299dbda55a073d5bd841e0;VARIANT_ID=workstation; |
| Doc Type | Bug Fix |
| Last Closed | 2016-10-26 16:55:42 UTC |

Description
andreas.stoeckel
2016-01-23 19:27:48 UTC
Created attachment 1117470 [details]
File: dmesg
Note that the linked bug #1185885 describes a very similar problem, which also occurred when opening a BluRay disc. So it seems there is a crash bug in the UDF file system driver at least since Fedora 21 which has not been fixed.

This is STILL present in F23, 4.4.6-301.fc23.x86_64. Maybe it should be reported upstream.

```
[140460.155328] VFS: busy inodes on changed media or resized disk sr1
[140485.190418] VFS: busy inodes on changed media or resized disk sr1
[141177.280784] UDF-fs: warning (device sr1): udf_get_pblock_meta25: error reading from METADATA, trying to read from MIRROR
[141178.629216] UDF-fs: error (device sr1): udf_read_inode: (ino 12209439) failed !bh
[141178.629244] UDF-fs: warning (device sr1): udf_find_metadata_inode_efe: metadata inode efe not found
[141178.629318] BUG: unable to handle kernel NULL pointer dereference at 0000000000000023
[141178.629462] IP: [<ffffffffa0a43fbb>] udf_try_read_meta+0x3b/0xc0 [udf]
[141178.629567] PGD 0
[141178.629601] Oops: 0000 [#1] SMP
[141178.629655] Modules linked in: cts rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nls_utf8 udf crc_itu_t rfcomm fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_filter ebtable_nat ebtable_broute bridge stp llc ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep arc4 ath9k snd_hda_codec_hdmi ath9k_common snd_hda_codec_conexant snd_hda_codec_generic ath9k_hw intel_rapl iosf_mbi snd_hda_intel ath x86_pkg_temp_thermal snd_usb_audio snd_hda_codec coretemp mac80211
[141178.630863] snd_hda_core kvm_intel snd_usbmidi_lib snd_hwdep snd_rawmidi iTCO_wdt iTCO_vendor_support snd_seq toshiba_wmi kvm sparse_keymap uvcvideo snd_seq_device uas videobuf2_vmalloc videobuf2_memops usb_storage snd_pcm irqbypass crct10dif_pclmul videobuf2_v4l2 btusb crc32_pclmul btrtl videobuf2_core btbcm cfg80211 btintel v4l2_common bluetooth videodev snd_timer media joydev snd rfkill mei_me i2c_i801 lpc_ich mei acpi_als shpchp soundcore kfifo_buf industrialio wmi tpm_tis tpm nfsd nfs_acl lockd auth_rpcgss grace sunrpc xfs libcrc32c i915 i2c_algo_bit drm_kms_helper crc32c_intel drm serio_raw atl1c fjes video
[141178.631833] CPU: 7 PID: 9141 Comm: vlc Not tainted 4.4.6-301.fc23.x86_64 #1
[141178.631924] Hardware name: NOVATECH LTD A15/NY3200S, BIOS 303 07/04/2012
[141178.632012] task: ffff8801a73b8000 ti: ffff880006728000 task.ti: ffff880006728000
[141178.632108] RIP: 0010:[<ffffffffa0a43fbb>] [<ffffffffa0a43fbb>] udf_try_read_meta+0x3b/0xc0 [udf]
[141178.632233] RSP: 0018:ffff88000672ba78 EFLAGS: 00010246
[141178.632303] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88000672ba88
[141178.632393] RDX: ffff88000672ba90 RSI: 000000000000026c RDI: fffffffffffffffb
[141178.632484] RBP: ffff88000672bad0 R08: ffff88000672ba7c R09: ffff88000672ba80
[141178.632574] R10: 0000000000000001 R11: 00000000000003e6 R12: 0000000000000000
[141178.632665] R13: ffff88000266d800 R14: 000000000000026c R15: 0000000000000000
[141178.632757] FS: 00007fea25f5f700(0000) GS:ffff8802171c0000(0000) knlGS:0000000000000000
[141178.632859] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[141178.632933] CR2: 0000000000000023 CR3: 0000000105d34000 CR4: 00000000000406e0
[141178.633024] Stack:
[141178.633054] ffff88000266d800 0000000000000001 ffff8802171d7db0 0000000000000000
[141178.633165] 0000000000000246 ffff88000672bad0 0000000027a2eaa1 ffff8802077a99d6
[141178.633275] 0000000000000001 ffff88000266d800 000000000000026c ffff88000672bb08
[141178.633393] Call Trace:
[141178.633442] [<ffffffffa0a44572>] udf_get_pblock_meta25+0x92/0xe0 [udf]
[141178.633514] [<ffffffffa0a43f76>] udf_get_pblock+0x36/0x40 [udf]
[141178.633580] [<ffffffffa0a3d4fd>] __udf_iget+0x3d/0xa80 [udf]
[141178.633660] [<ffffffffa0a41a22>] udf_lookup+0xc2/0xf0 [udf]
[141178.633739] [<ffffffff8123791d>] lookup_real+0x1d/0x60
[141178.633811] [<ffffffff81238e92>] __lookup_hash+0x42/0x60
[141178.633886] [<ffffffff8123aa16>] walk_component+0x226/0x300
[141178.633965] [<ffffffff81336f31>] ? security_inode_permission+0x41/0x60
[141178.634054] [<ffffffff8123b49b>] link_path_walk+0x17b/0x570
[141178.634130] [<ffffffff8123947b>] ? path_init+0x1eb/0x380
[141178.634204] [<ffffffff8123bd59>] path_openat+0xa9/0x1320
[141178.634279] [<ffffffff811ec225>] ? page_add_file_rmap+0x25/0x60
[141178.634362] [<ffffffff811acf53>] ? unlock_page+0x73/0x90
[141178.634442] [<ffffffff8123e191>] do_filp_open+0x91/0x100
[141178.634527] [<ffffffff8120ce87>] ? kmem_cache_alloc+0x197/0x200
[141178.634608] [<ffffffff8124b1ff>] ? __alloc_fd+0x3f/0x180
[141178.634682] [<ffffffff8122d32a>] do_sys_open+0x13a/0x230
[141178.638515] [<ffffffff8122d43e>] SyS_open+0x1e/0x20
[141178.642009] [<ffffffff817a05ae>] entry_SYSCALL_64_fastpath+0x12/0x71
[141178.645823] Code: 54 53 41 89 cc 0f b7 da 4c 8d 4d b0 4c 8d 45 ac 48 8d 4d b8 48 8d 55 c0 48 83 ec 38 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 <4c> 8b 6f 28 48 c7 45 c0 00 00 00 00 41 be ff ff ff ff 48 c7 45
[141178.654169] RIP [<ffffffffa0a43fbb>] udf_try_read_meta+0x3b/0xc0 [udf]
[141178.658116] RSP <ffff88000672ba78>
[141178.661912] CR2: 0000000000000023
[141178.682361] ---[ end trace ebda902e602d218c ]---
```

Seriously -- a kernel null ptr deref in a major FS for over a year?

Created attachment 1147800 [details]
UDF error check
Can you test the following patch? Looks like a simple case of missing an error check.
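
A triage check for the oops in this report, as an added example (not part of the bug report or of the attached patch): it tests whether the faulting address in CR2 equals a kernel error pointer held in a register plus a small member offset, which is the signature of an error return used without a check. The function names and the 4096-byte offset bound are assumptions of the example.

```python
import errno
import re

# Lines taken from the oops on this page (Code: line abridged to the bytes
# around the faulting instruction, which dmesg marks with <..>).
OOPS = """\
[141178.632303] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88000672ba88
[141178.632393] RDX: ffff88000672ba90 RSI: 000000000000026c RDI: fffffffffffffffb
[141178.632484] RBP: ffff88000672bad0 R08: ffff88000672ba7c R09: ffff88000672ba80
[141178.632933] CR2: 0000000000000023 CR3: 0000000105d34000 CR4: 00000000000406e0
[141178.645823] Code: 48 89 45 d8 31 c0 <4c> 8b 6f 28 48 c7 45 c0
"""

MASK = (1 << 64) - 1
MAX_ERRNO = 4095  # the kernel's ERR_PTR() values are -MAX_ERRNO..-1
LOW_REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def decode_mov_disp8(code):
    """Decode only 'REX.W mov r64, [base+disp8]'; return (base, disp) or None."""
    if len(code) < 4 or code[0] & 0xF8 != 0x48 or code[1] != 0x8B:
        return None
    mod, rm = code[2] >> 6, code[2] & 7
    if mod != 1 or rm == 4:  # need disp8 addressing without a SIB byte
        return None
    base = "r%02d" % (8 + rm) if code[0] & 1 else LOW_REGS[rm]
    disp = code[3] - 256 if code[3] > 127 else code[3]
    return base, disp

def find_err_ptr_deref(oops):
    """Return the register holding an ERR_PTR that explains the CR2 address."""
    regs = {n.lower(): int(v, 16) for n, v in
            re.findall(r"\b(C?R[A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops)}
    cr2 = regs["cr2"]
    m = re.search(r"Code:.*<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", oops)
    code = [int(b, 16) for b in (m.group(1) + m.group(2)).split()] if m else []
    for name, val in regs.items():
        err = (1 << 64) - val  # positive errno when val is a small negative
        if name.startswith("cr") or not 1 <= err <= MAX_ERRNO:
            continue
        offset = (cr2 - val) & MASK  # member offset added to the bad pointer
        if offset < 4096:  # assumed upper bound for a struct member offset
            return {"reg": name, "errno": errno.errorcode.get(err, str(err)),
                    "offset": offset,
                    "insn_agrees": decode_mov_disp8(code) == (name, offset)}
    return None

if __name__ == "__main__":
    print(find_err_ptr_deref(OOPS))
```

On these lines it reports RDI holding -EIO with offset 0x28, and the faulting bytes `4c 8b 6f 28` decode to a load from `0x28(%rdi)`, so CR2 = -5 + 0x28 = 0x23.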

*********** MASS BUG UPDATE **************

We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. Due to this, we are doing a mass bug update across all of the Fedora 23 kernel bugs.

Fedora 23 has now been rebased to 4.7.4-100.fc23. Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 24 or 25, and are still experiencing this issue, please change the version to Fedora 24 or 25.

If you experience different issues, please open a new bug report for those.

*********** MASS BUG UPDATE **************

This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 4 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days